Legal

Privacy Policy

Last updated: May 28, 2026 · Version 2.6

At ASPharma Chile SpA ("ASPharma", "we") we respect the privacy of people who interact with our website www.aspharma.cl and our commercial contact channels. This Privacy Policy describes how we collect, use, protect and disclose the personal data we process in the context of our business-to-business (B2B) commercial activities. This Policy is governed by Law No. 19.628 on the protection of private life and by Law No. 21.719 on the protection of personal data, which fully reforms the previous regime and comes into full force on December 1, 2026. ASPharma adopts the standards of Law No. 21.719 from now on in order to ensure the highest level of protection to data subjects.

Data controller

Legal name
ASPharma Chile SpA
Tax ID (RUT)
77.284.961-3
Address
Av. Presidente Kennedy 7440, Of. 701, 7650618, Vitacura, Región Metropolitana, Chile
Website
www.aspharma.cl
Privacy contact
privacidad@aspharma.cl

The data controller is the party that decides on the purposes and means of processing your personal data, as defined by applicable regulations.

Scope and B2B nature

ASPharma operates as a B2B professional services provider within the value chain of the food supplements and nutraceutical products sector. Our service areas include:

  • Management and development of formulations.
  • Logistics and import support, including customs management.
  • Regulatory advisory and obtainment of certifications before the Public Health Institute (ISP) and other competent authorities.

ASPharma does not market products to end consumers. Our clients are sector companies (brands, manufacturers, importers, entrepreneurs and other companies in the value chain), not consumers or patients.

The contact form available on our landing page is intended exclusively for corporate and professional counterparts interested in our services.

Given the B2B professional services nature of our activity, we do not request or need sensitive personal information (health data, medical conditions or third-party personal information) to respond to your inquiry. If a user, voluntarily or involuntarily, includes such information in a free-text field of the form, ASPharma:

  • a) Will not use such information for any purpose;
  • b) Will proceed to delete it as soon as it is identified; and
  • c) Advises the user not to include sensitive personal information in their communications.

Personal data we collect

3.1 Data provided directly

Through the contact form we collect the following personal data, all of them in a professional context:

  • First and last name of the professional contact.
  • Company or organization represented.
  • Email address (preferably corporate).
  • Message, inquiry or commercial request.

3.2 Data collected automatically

While browsing our website, the following technical data may be collected in a limited manner and by infrastructure and analytics providers:

  • IP address (anonymized in the case of analytics).
  • Browser type and version.
  • Operating system and device.
  • Pages visited, time spent and browsing behavior (only if you have given consent for analytics cookies).
  • Technical data derived from Cloudflare Turnstile anti-bot verification when you complete and submit the form.

For website usage analysis we use Google Analytics 4 (GA4), an analytics tool from Google LLC. GA4 is only activated when the user gives express consent through the cookie banner shown on the first visit. Details on the use of cookies, local storage and analytics tools are described in Section 14 of this Policy and in our specific Cookie Policy.

Purposes of processing

The personal data collected will be used solely for the following purposes:

  • a) Handling inquiries and commercial requests: responding to your request, inquiry or professional requirement expressed through the form regarding our formulation, logistics and certification services.
  • b) B2B commercial relationship management: maintaining commercial contact records, evaluating business opportunities, performing commercial follow-up and managing the professional relationship between ASPharma and the company you represent.
  • c) Compliance with legal and regulatory obligations: responding to requirements from competent authorities (SII, ISP, courts of justice, the future Data Protection Agency, among others) and complying with applicable sectoral regulations.
  • d) Security, fraud prevention and site improvement: protecting our systems, preventing misuse of the form and improving user experience and the operation of the website.

ASPharma does not currently send commercial, promotional or marketing communications through the data collected by this form. If in the future we decide to start sending such communications, we will do so only upon prior request and obtaining the data subject's express, specific and separate consent, updating this Policy beforehand to reflect that practice.

ASPharma does not carry out processing based on automated decisions with significant legal effects on the data subject, nor does it perform profiling with such scope.

Legal bases for processing

The processing of your personal data is based on one of the following legal grounds, depending on the specific purpose:

Purpose Legal basis
Handling inquiries (a) Data subject's consent and/or pre-contractual measures requested by them
Commercial relationship management (b) Contractual performance and/or legitimate interest of ASPharma in managing its B2B commercial activity
Legal compliance (c) Compliance with legal obligations
Security and improvement (d) Legitimate interest of ASPharma duly balanced

Nature of consent

When processing is based on your consent, it will be freely given, specific, informed and unambiguous, granted by means of a clear affirmative action (ticking a non-pre-checked box when submitting the form).

You may withdraw your consent at any time, without this affecting the lawfulness of processing carried out before its withdrawal. To do so, write to us at privacidad@aspharma.cl.

Retention periods

We will retain your personal data only for as long as necessary to fulfil the stated purposes, applying the following criteria:

Data type / context Retention period
Form data without subsequent commercial relationship Up to 12 months from the last effective contact
Contact data within an active commercial relationship Throughout the term of the commercial relationship
Data following the end of the commercial relationship Up to 5 years after the end, for purposes of potential legal and accounting liability
Audit records and security logs Up to 2 years
Data whose retention is legally mandated For the corresponding legal period

Once the periods expire, the data will be deleted, blocked or anonymized securely, unless a legal obligation requires a longer retention.

Disclosure to third parties and data processors

ASPharma does not sell, rent or trade personal data under any circumstances.

We may disclose your personal data to the following categories of recipients:

8.1 Data processors

Providers that process data on behalf of ASPharma:

  • Hosting and cloud storage providers.
  • Email and communications service providers.
  • Form management and CRM platforms.
  • Cloudflare, Inc., as provider of the Cloudflare Turnstile anti-bot service integrated in the contact form, exclusively to verify that the submission comes from a legitimate user and not from an automated bot.
  • Google LLC, as provider of the Google Analytics 4 (GA4) analytics service, exclusively when the user has given express consent through the cookie banner, for the purpose of measuring website usage and improving the user experience.
  • IT, technical support and cybersecurity service providers.
  • External legal advisors, accountants and auditors subject to confidentiality obligations.

ASPharma does not use advertising, remarketing or cross-site behavior tracking tools (such as Meta Pixel, LinkedIn Insight Tag, Google Ads or similar).

Every data processor will be bound to ASPharma by a contract that guarantees a level of protection equivalent to that required by this Policy and by applicable regulations, including confidentiality, security measures and prohibition of use for their own purposes.

8.2 Authorities and public entities

When there is a legal obligation, a judicial requirement or a duly grounded request from a competent authority.

8.3 Entities of the same corporate group

Of ASPharma, when necessary for the stated purposes, with appropriate safeguards.

International data transfers

Some of our technology providers may be located or process data in countries other than Chile. In particular:

  • Cloudflare, Inc. is domiciled in the United States of America. Turnstile anti-bot verification may involve the processing of your IP address and technical data in infrastructure located outside Chile.
  • Google LLC is domiciled in the United States of America. When you give consent for analytics cookies, your site usage data is processed by Google in its global infrastructure (primarily the U.S. and the European Union).

When there is an international transfer of your personal data, ASPharma will adopt the safeguards required by applicable Chilean regulations, such as:

  • Verifying that the destination country offers an adequate level of protection, or
  • Entering into contractual clauses that ensure a level of protection equivalent to the Chilean one, or
  • Applying any other valid mechanism recognized by current legislation or by the Data Protection Agency.

You can request additional information about these transfers by writing to privacidad@aspharma.cl.

Security measures

ASPharma adopts technical and organizational measures reasonable and appropriate to the level of risk of the processing, to protect your personal data against loss, misuse, unauthorized access, disclosure, alteration or destruction. These measures include:

  • Access control based on the principle of least privilege.
  • Encryption in transit (TLS/HTTPS) and at rest where applicable.
  • Secure authentication and audit logs.
  • Periodic backups and continuity plans.
  • Personnel training in data protection and confidentiality.
  • Confidentiality agreements with personnel and providers.

Notwithstanding the above, no electronic transmission or storage system is completely secure, so we cannot guarantee absolute security.

Security breach notification

In the event of a security breach affecting your personal data that poses a risk to your rights, ASPharma will notify the incident to the Data Protection Agency without undue delay (ideally within 72 hours of becoming aware of it) and, where high risk exists, also to the affected data subjects, in the terms required by regulations.

Rights of the data subject

As a data subject, you may exercise the following rights regarding your personal data at any time:

  • Access: to know whether we process your data and, where applicable, obtain a copy and information about the processing (categories, purposes, recipients, periods, origin and existence of automated decisions).
  • Rectification: correct inaccurate, outdated or incomplete data.
  • Cancellation or erasure ("right to be forgotten"): delete your data when it is no longer necessary, when you withdraw consent or when there is unlawful processing, within legal limits.
  • Objection: object to processing based on legitimate interest or aimed at direct marketing.
  • Portability: receive the data you have provided in a structured, commonly used and machine-readable format and transmit it to another controller where technically possible.
  • Blocking or restriction of processing: temporarily suspend processing while a request or dispute is resolved.
  • Not be subject to automated decisions with significant legal effects without human intervention.
  • Withdraw previously granted consent.
  • File a complaint with the supervisory authority (see Section 16).

These rights may be limited or denied only when one of the grounds provided by law applies.

Procedure to exercise your rights

You may exercise the described rights by sending a request to the following email address:

privacidad@aspharma.cl

Your request must contain:

  • Full name.
  • Contact method for our reply.
  • Right or rights you wish to exercise.
  • Clear description of the request.
  • Documentation proving your identity (when strictly necessary and proportionate to the nature of the request).

Response time: ASPharma will respond to your request within 30 calendar days of receipt. This period may be extended when the complexity or number of requests justifies it, informing you in advance.

The exercise of these rights is free of charge, except for manifestly unfounded or excessive requests, particularly due to their repetitive nature.

Cookies and local storage

ASPharma uses cookies and similar technologies on its website. The categories used are detailed below. For full information, see our Cookie Policy.

14.1 Strictly necessary cookies (no consent required)

Essential for the basic operation of the site. They do not require user consent and are loaded automatically.

14.2 Browser local storage (localStorage)

To improve your experience with the contact form, we use your browser's local storage (localStorage) to save the progress of your responses on your own device, so you can resume the form if you close it before submitting.

This information remains in your browser and is not transmitted to our servers until you press "Send".

You can clear local storage at any time from your browser settings (typically in the "site data" or "cookies and storage" section).

14.3 Cloudflare Turnstile (anti-bot mechanism)

The site integrates the Cloudflare Turnstile service as a security mechanism to protect the contact form from automated submissions (bots, scraping and abuse). This service operates in invisible mode: it runs automatically in the background during form submission, without requiring user interaction or displaying visible widgets on screen.

To perform the verification, Cloudflare may collect and process technical data such as IP address, browser signals, HTTP headers and device behavior data. Cloudflare may also set technical cookies on its own domain (challenges.cloudflare.com) to validate the session during verification. These cookies and data are not accessible from our site and are processed by Cloudflare as an independent controller, in accordance with its own terms.

To learn in detail what information Cloudflare processes through Turnstile, its purposes and retention periods, you can consult:

Legal basis: the use of Turnstile is grounded in ASPharma's legitimate interest in protecting its systems from automated abuse, ensuring the integrity of communications and the security of the service, in accordance with applicable regulations. This verification is strictly necessary for the secure provision of the service requested by the user when submitting the form.

14.4 Google Analytics 4 — analytics cookies (subject to consent)

ASPharma uses Google Analytics 4 (GA4), a web analytics tool provided by Google LLC, to understand how our website is used (most visited pages, time spent, traffic sources, devices used) and improve the user experience.

GA4 is NOT activated by default. It is only loaded if the user gives express consent through the cookie banner shown on the first visit to the site. If the user declines consent, GA4 is not loaded at all and no information is transmitted to Google.

When there is consent, GA4 may set cookies (_ga, _ga_*) with a maximum duration of 24 months and collect: an anonymous user identifier; pages visited, events and session time; device type, browser and operating system; approximate geographic location (city or region level); and traffic source.

Conversion events: additionally, when a user successfully submits the B2B contact form, ASPharma records an event named "formulario_enviado" together with categorical metadata about the form (project type and project status, both predefined values from closed lists). This data does not contain any personal information about the user.

IP anonymization: ASPharma configures GA4 with IP anonymization, so the full IP address is never stored by Google. Google Signals, remarketing and personalized advertising are not used.

Legal basis: the user's express consent, given through the cookie banner.

For more information on how Google processes data, see the Google Privacy Policy and how Google uses data from sites that use its services.

14.5 Consent management

On your first visit to our site, a cookie banner is displayed that lets you Accept analytics cookies, Decline analytics cookies or Customize your preferences granularly.

Your choice will be recorded and respected for a maximum period of 12 months. You can change or withdraw your consent at any time through the "Cookie settings" link in the site footer. ASPharma does not use marketing, advertising or remarketing cookies.

Commercial communications

ASPharma does not currently send commercial, promotional or marketing communications to contacts received through the form of this website. The only communication you will receive as a consequence of submitting the form will be our commercial team's reply to the inquiry you raised.

If in the future ASPharma decides to start sending commercial communications, it will do so only with respect to those data subjects who have previously granted their express, specific and separate consent for that purpose, in accordance with applicable regulations. In such case, this Policy will be updated and affected data subjects will be informed.

Complaints before the supervisory authority

If you consider that the processing of your personal data by ASPharma does not comply with applicable regulations, we ask you to first contact us at privacidad@aspharma.cl to try to resolve your concern.

Without prejudice to the above, you may file a complaint with the Data Protection Agency (supervisory authority created by Law No. 21.719), once it fully starts operations, or with the competent judicial authority pursuant to current regulations.

Changes to this Policy

ASPharma may update this Privacy Policy when necessary, for example to reflect legal, technical, organizational or commercial changes.

The current version will always be available on our website, indicating its last update date. When changes are substantial, we will communicate them through appropriate means.

Applicable law and jurisdiction

This Policy is governed by the laws of the Republic of Chile, in particular by Law No. 19.628 on the protection of private life and Law No. 21.719 on the protection of personal data (from December 1, 2026), as well as by their regulations and complementary rules.

For any dispute, the parties submit to the ordinary courts of justice based in the city of Santiago, unless legal provisions establish otherwise.

Contact

For any inquiry related to this Privacy Policy or to the processing of your personal data, you can contact us at:

ASPharma Chile SpA privacidad@aspharma.cl www.aspharma.cl